Automatic Blocking of Codes and Cookies

Please be aware, that automatic blocking is not 100% safe! If you want to ensure compliance, you should always prefer manual blocking over automatic blocking for codes and cookies!

Common issues with the automatic blocking codes can be resolved by using the CMP Debugger Console. Please see here fore more information.

How Automatic Blocking works

In order to prevent the website visitor from data processing, the automatic blocking feature can automatically disable scripts and iframes that are integrated into a website. In this case, no additional adjustments of the scripts/iframes are necessary (whereas the manual blocking mechanism requires you to change the codes of the scripts and iframes).

When the page loads, the automatic blocking feature will load and check all scripts and iframes that are included in your website. It will then disable iframes and external scripts. It will also check if inline scripts try to set cookies and of so, it will also block these inline scripts. Scripts and iframes that are disabled can then be enabled by the CMP as soon as consent is given.

All disabled scripts/iframes are disabled the same way as if you would apply manual blocking to these codes. This means that you can use the same attributes and logic for these codes.

Integrating the Code for Automatic Blocking

In order to ensure that the automatic blocking can work, it is strictly necessary to install the blocking code directly after <head> in your websites source code and before any other <script ...> or <iframe ...> element. Place the following code into all sites of your website:

<!DOCTYPE html>
 <script src="" data-cmp-ab="1"></script>
 ... your CMP-Code goes here ... 

Please note: The automatic blocking code cannot be loaded asynchronously!

Please note: The automatic blocking code cannot be loaded using a TagManager!

Configuring Automatic Blocking

In some cases it can be required to change the behavior of the automatic blocking mechanism. In order to do so, please insert the following <script> right before the automatic blocking code:

 <script data-cmp-ab="1">
  window.cmp_block_inline = true;      //true = blocking of inline scripts
  window.cmp_block_unkown = true;      //true = blocking of unknown external scripts/iframes
  window.cmp_block_sync = true;        //true = blocking of synchronous scripts
  window.cmp_block_img = false;        //true = blocking of images
  window.cmp_block_samedomain = false; //true = blocking of scripts/iframes/images from the same domain
  window.cmp_block_ignoredomains = ["","",""]; // list of domains that should not be blocked

Each lines of the above script contains a setting that can be enabled/disabled. Change the seting to true or false in order to enable or disable it.

Assiging domains

If the automatic blocking finds domains on your website that are not assigned to any vendor, it will alert this to the system and inform you to apply changes:

  1. Add the automatic blocking code to your website
  2. Visit your website in order for the code to detect the domains/codes that are blocked but not assigned to a vendor
  3. Login to your account and go to Menu > CMPs
  4. Next to the CMP you should see a warning that new domains are found. Click on the warning:

  5. Assign each domain to a vendor
  6. Go to Menu > Vendors and ensure that each vendor is assigned to a purpose
  7. Ensure that necessary vendors and/or purposes are set to the right legal basis in order to prevent visitors from disabling them

Reasons unassigned domains are found

The automatic blocking code will alert the system when domains are blocked for which no vendor can be found. Here is a list of reasons why this can happen:

  1. The blocking code will only "know" about vendors that are in your vendorlist. If a code is on your website but the corresponding vendor is not in your vendorlist, the domain for this code will be alerted so that you can add the vendor.
  2. We see many cases in which a websites are embedded in other websites (e.g. Google Cache, Google Translate or Bing Cache and so on). In this case the blocking code will not only find the codes that are included in your website but also the codes that are included in the page that embedded your content. In this case you might see domains that are not actually relevant for you and you can simply ignore them.
  3. We see many cases in which website visitors seem to use certain plugins, toolbars or simply have malware installed in their PC. In these cases the plugin/toolbar/malware can inject new HTML code into each website that the visitor sees. For example certain Antivirus tools add a "safe" icon next to each link and some malware inserts advertising into the websites. If you find domains that seem incorrect, simply ignore them.

Automatic Blocking & TagManagers

In order to prevent TagManagers from being blocked by the automatic blocking, please ensure that you add the attribute data-cmp-ab="1" to the TagManager script. For example the code of the Google TagManager could look like this:

<script data-cmp-ab="1">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],

Excluding scripts/iframes from automatic blocking

In some cases it can be necessary to exclude a script or an iframe from automatic blocking. In order to do this, please insert the attribute data-cmp-ab="1" into the script or iframe code. Example:

<script data-cmp-ab="1" src="https://..."></script>

Limitations of Automatic Blocking

Please note that Automatic Blocking is not safe due to some technical limitations. These are:

  • Automatic blocking can only work if it is the first script in the website code. If it is installed behind/under an other script or iframe, the above script or iframe cannot be blocked before loading!
  • Automatic blocking must be installed synchronously and cannot be loaded via a TagManger!
  • Although the automatic blocking script loads synchronously as the first item in the page, modern browser try to preload other sources from third parties asynchronously. This means a browser could already send a request to a third party server while loading the automatic blocking script. In this case the third party server can already process personal data and/or set cookies that cannot be blocked by the automatic blocking feature.
  • Automatic blocking will only work with modern browsers (IE11, Edge 18, Firefox 14, Chrome 18, Opera 15, Safari 7)
Back to top